Understanding the Payment Acquiring Business Process: A Comprehensive Guide to Secure and Efficient Transactions 💳

Introduction

The acquiring process is a coordinated sequence of operational, technical, and security measures that enables merchants to accept electronic payments in both physical and online environments. It spans card-present channels such as ATMs, fixed POS terminals, and mobile POS devices, as well as card-not-present channels like e-commerce platforms and digital payment gateways.

The flow begins with merchant onboarding and extends all the way to dispute resolution. It involves merchant vetting, secure device provisioning, message routing via card networks, real-time authorization, clearing and settlement of funds, fraud detection, reporting, and claims handling.

Modern acquiring requires an interplay between hardware (POS devices, ATMs, mPOS readers), firmware (certified EMV kernels, encryption modules), software (POS applications, gateway integrations, merchant dashboards), and security protocols (EMV cryptograms, 3D Secure authentication, tokenization).

1. Merchant Onboarding

Purpose and Process Merchant onboarding is the formal integration of a business into the acquiring ecosystem. This phase ensures that the merchant is legitimate, financially sound, and capable of handling transactions securely.

• Compliance Checks: KYC (Know Your Customer) and AML (Anti-Money Laundering) screening verify the business’s identity and ownership.
• Risk Profiling: Acquirers assess transaction volumes, industry category, and operating model to determine fee structures and fraud risk.
• Technical Enablement: Devices (POS, ATM, mPOS) are provisioned with merchant IDs, terminal IDs, and secure firmware. Online merchants receive payment gateway credentials, API keys, and sandbox testing access.

Example: A national coffee shop chain signs an acquiring contract. Each branch receives a POS terminal preloaded with EMV-enabled firmware and configured for contactless payments. The acquirer also provisions an e-commerce API for the chain’s mobile ordering app.

2. Transaction Processing

A transaction begins when the customer initiates payment—by tapping a card, inserting it into a chip reader, swiping, scanning a QR code, or completing an online checkout form. The terminal or application collects payment details, encrypts sensitive information, and transmits it to the acquirer.

Operational Steps

• Data Capture: POS firmware reads chip, contactless, or magstripe data; ATM software captures card and PIN input.
• Message Formatting: Transaction details are formatted into ISO 8583 or equivalent messages containing elements like PAN, amount, merchant ID, and terminal capabilities.
• Secure Transmission: Data is encrypted using terminal-resident keys before being sent over dedicated payment networks or VPNs.

Example: At a retail store, a wireless POS terminal reads a contactless debit card. The encrypted payment data is sent over the acquirer’s secure channel for processing.

3. Authorization

Authorization confirms whether the transaction should proceed. Once the acquirer receives the payment request, it is forwarded to the card network, then to the issuing bank. The issuer applies multiple checks:

• Card Validity: Confirms the card is genuine, not expired, and not blocked. In EMV transactions, the chip generates an Application Cryptogram—a cryptographic proof of transaction integrity.
• Funds Availability: Verifies the customer’s balance or available credit limit.
• Fraud Screening: Applies velocity rules, location checks, and spending pattern analysis.
• Additional Authentication: For e-commerce, 3D Secure prompts the customer to verify their identity with a one-time password, biometric, or banking app confirmation.

Example: A customer books a flight online. After entering card details, they are redirected to their bank’s 3D Secure page to enter an SMS code. The bank validates the code, verifies EMV data, checks funds, and approves the transaction.

4. Clearing and Settlement

Authorization only reserves funds. Clearing reconciles transaction records between acquirers, card networks, and issuers. Settlement is the actual transfer of money.

How It Works

• Batching: Approved transactions are grouped into daily batch files.
• Interbank Reconciliation: Card networks route these batches to the appropriate issuers for matching against authorizations.
• Funds Transfer: Issuers send funds to the acquirer’s settlement account, which then credits the merchant’s account minus fees.

Example: An electronics retailer processes 300 card sales in one day. Overnight, the acquirer sends batch data to the card networks, and two days later, the net amount is deposited into the retailer’s account.

5. Fraud Management

Embedded Security Fraud prevention starts at the device and continues through the network. POS terminals and ATMs include tamper detection—if opened, encryption keys are erased. Transactions are monitored in real time for abnormal patterns.

Methods Used

• EMV Security: Unique cryptograms per transaction prevent card cloning.
• Behavior Analysis: Detects out-of-pattern spending, rapid consecutive transactions, or location anomalies.
• 3D Secure in E-commerce: Requires customer authentication to reduce fraud liability.

Example: A card is used for an ATM withdrawal in one city, then for a large online purchase abroad 20 minutes later. The issuer’s system detects the anomaly and blocks the second transaction.

6. Reporting and Analytics

Reporting ensures operational transparency for both merchants and acquirers.

• Merchants use reports to reconcile daily sales with bank deposits.
• Acquirers use them to track transaction volumes, monitor device performance, and identify suspicious patterns.

Example: A supermarket reviews its POS report and notices one terminal has a higher-than-average decline rate, indicating possible reader hardware issues or network instability.

7. Dispute Handling

When a cardholder disputes a charge, the issuer initiates a chargeback process. The acquirer requests evidence from the merchant—such as signed receipts, shipping confirmation, ATM transaction logs, or video footage.

If the evidence supports the merchant, the acquirer sends it to the issuer via the card network for final decision. Card scheme rules dictate time limits and acceptable proof types.

Example: A customer claims they never received their online order. The merchant submits courier delivery proof with signature. The issuer accepts the evidence, reverses the chargeback, and returns funds to the merchant.

Conclusion

From the moment a merchant is onboarded to the moment a dispute is resolved, the acquiring process blends regulated compliance procedures with high-speed technical operations. It spans physical devices, firmware, network protocols, software applications, and secure banking infrastructure. Whether it is a chip-and-PIN transaction at a supermarket, a mobile wallet payment at a pop-up stall, or a 3D Secure checkout online, the same principles apply: secure capture of data, controlled authorization, accurate reconciliation, and effective risk management.

#PaymentAcquiring #POS #ATM #Ecommerce #mPOS #PaymentGateway #3DSecure #TransactionProcessing #ClearingAndSettlement #FraudPrevention #MerchantServices #Fintech #PCICompliance